Analysis updated 2026-05-18
Scan a public MCP registry for server names that mimic popular trusted packages before adding one to your project.
Compare two published versions of an MCP server to spot newly introduced network calls or obfuscated code.
Generate a ranked CSV of suspicious candidates for your team to review before deploying any MCP tooling.
| | nesqcck/mcp-registry-audit | a-bissell/unleash-lite | abhiinnovates/whatsapp-hr-assistant |
|---|---|---|---|
| Stars | 1 | 1 | 1 |
| Language | Python | Python | Python |
| Setup difficulty | moderate | hard | hard |
| Complexity | 3/5 | 4/5 | 3/5 |
| Audience | developer | researcher | developer |
Figures from each repo's GitHub metadata at analysis time.
Requires Python 3.12+ and a virtual environment. A GitHub API token is optional but needed for richer enrichment results.
MCP (Model Context Protocol) is an open standard that lets AI systems connect with external tools and data sources. As more developers publish these tool servers to public registries, a new category of supply-chain risk has emerged: a server can start out benign, gain adoption, and then introduce malicious code in a later version, or someone can create a server whose name closely resembles a trusted one to trick developers into installing a fake. mcp-registry-audit is a command-line tool that scans public MCP registries to surface both of these threats before a developer ever installs anything.
It is strictly read-only: the tool fetches only public metadata over plain HTTP, and it never installs, runs, imports, or unpacks any of the packages it inspects. Any suspicious URLs found inside a package listing are treated as text to score, not addresses to contact.
The tool runs two separate detection pipelines. The lookalike pipeline checks server names against a list of known brands using name-distance calculations, homoglyph detection (where characters look similar but differ), and signals like a mismatch between publisher and brand name, a very new repository, or an official-sounding name from a low-trust account. The version-drift pipeline fetches consecutive published versions of a server from npm, PyPI, or GitHub and compares them to find newly added outbound network calls, hardcoded endpoints, install hooks, or signs of obfuscation. Each flagged candidate comes with a named signal and its evidence, so a human can read the source and decide whether to dismiss or investigate further.
To use it, a developer clones the repository, sets up a Python virtual environment, installs the package, then runs commands like hunt pull, hunt lookalikes, or hunt diff. Results are saved locally as JSON, CSV, and spreadsheet files. Setting a GitHub API token in the environment allows the tool to retrieve richer data during enrichment. All cache and output files stay local.
The project is built on Python 3.12 and uses httpx for network requests, pydantic for data modeling, typer for the command-line interface, and rapidfuzz for name-distance scoring.
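A sketch of three of the lookalike signals described above (name distance, homoglyphs, publisher/brand mismatch), added here as an illustration and not taken from the mcp-registry-audit code base. It uses a standard-library edit distance in place of rapidfuzz; the brand list, confusables map, weights and sample entries are all constructed for this example.

```python
import unicodedata

# Constructed for this example: brand token -> publisher account expected to own it.
KNOWN_BRANDS = {"github": "github", "stripe": "stripe", "slack": "slackapi"}
# Small constructed confusables map: Cyrillic/Greek letters that render like Latin ones.
CONFUSABLES = str.maketrans({"\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",
                             "\u0441": "c", "\u0456": "i", "\u03bf": "o"})
# Illustrative weights, used only to order candidates for human review.
WEIGHTS = {"homoglyph": 3, "near-name": 2, "publisher-mismatch": 1}
# Constructed registry entries (publisher, server name); none refer to real packages.
SAMPLE = [("github", "github-mcp"), ("dev123", "githud-mcp"),
          ("dev456", "sl\u0430ck-mcp-server"), ("dev789", "stripe-mcp")]

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def lookalike_signals(publisher: str, server_name: str) -> list[tuple[str, str]]:
    """Return (signal, evidence) pairs for one entry; names are only ever treated as text."""
    name = unicodedata.normalize("NFKC", server_name).lower()
    signals = []
    for token in name.replace("_", "-").split("-"):
        folded = token.translate(CONFUSABLES)
        for brand, owner in KNOWN_BRANDS.items():
            if publisher.lower() == owner:
                continue  # the brand's own account is not a lookalike
            if folded == brand and token != brand:
                signals.append(("homoglyph", f"{token!r} folds to {brand!r}"))
            elif token == brand:
                signals.append(("publisher-mismatch", f"{brand!r} published by {publisher!r}"))
            elif edit_distance(folded, brand) == 1:
                signals.append(("near-name", f"{token!r} is 1 edit from {brand!r}"))
    return signals

def rank(entries: list[tuple[str, str]]) -> list[tuple[int, str, list]]:
    """Score each entry and return the flagged ones, highest score first."""
    rows = [(f"{p}/{s}", lookalike_signals(p, s)) for p, s in entries]
    scored = [(sum(WEIGHTS[k] for k, _ in sig), name, sig) for name, sig in rows if sig]
    return sorted(scored, key=lambda r: r[0], reverse=True)
```

Calling `rank(SAMPLE)` returns each flagged entry with its named signals and evidence strings, which is the shape a reviewer needs to dismiss or investigate a candidate.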
A read-only CLI that scans public MCP server registries to flag packages that look like fakes or have quietly turned malicious between versions, without ever running the packages it checks.
Mainly Python. The stack also includes httpx and pydantic.
No license information was found in the README.
Setup difficulty is rated moderate, with roughly 30min to a first successful run.
Mainly developer.
Verify against the repo before relying on details.